Hello,
We are attempting to sync over some data from OpenLDAP into Win AD.
The approach thus far has been to use slapd-sock in overlay mode and
attach a listener.
Our configuration snippet is as follows:
---
moduleload back_sock
overlay sock
extensions connid
socketpath /var/run/openldap/winad-sync-overlay.sock
sockops add bind delete modify modrdn
sockresps result
---
What I have noticed is that on a successful BIND, no corresponding
RESULT is received. However, on a BIND failure, we do, with a non-zero
code (as expected).
Another interesting situation is as follows:
* On an unsuccessful BIND, we get 2 messages, a BIND and a MODIFY --
we also use the `ppolicy` module, so it sets the pwdFailureTime, an
'add' change, on a BIND failure. This is fine.
* However, both the BIND and MODIFY have the same msgid.
* Finally, we get one RESULT back with the same msgid.
Continuing on, if I then BIND successfully, as above, I get:
* BIND and MODIFY -- this time the MODIFY clears pwdFailureTime, a
delete change. Same msgid on both BIND and MODIFY.
* Again, only one RESULT, with the corresponding msgid.
Have I misconfigured something, or is this expected behaviour? In all
cases, I have made sure I'm sending through CONTINUE after each message.
I guess I'd expect a RESULT for each request message; it would
certainly make message processing much simpler and deterministic:
* Receive request, store, keyed by conn id and msg id.
* Receive RESULT, find corresponding request, and process accordingly.
I only have this issue on BIND, as far as I can tell, at least for the
`sockops` I'm interested in.
Any suggestions are much appreciated. Thanks very much.
Regards,
Kamal
PS. Happy to provide transcripts of output, just keeping the initial
email size manageable. Please let me know.
PPS. Another quirk is, it appears that I get a RESULT for a SEARCH,
even though I am not subscribed to it in `sockops`, but happy to
ignore this for now!
--
There is more to life than increasing its speed.
-- Mahatma Gandhi
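
One way to do the correlation described in the message while tolerating the behaviour it reports: several requests sharing one msgid, a single RESULT for the group, and a RESULT that matches no stored request. This is an added example, not code from the original post or from OpenLDAP; the `Correlator` class, the simplified message layout and all sample values are constructed, and it assumes the `connid` line is present on RESULT messages as well as on requests.

```python
from collections import defaultdict

REQUESTS = {"ADD", "BIND", "DELETE", "MODIFY", "MODRDN"}  # the sockops in the post

def parse(block):
    """Split one blank-line-terminated message into (type, headers)."""
    lines = block.strip().splitlines()
    headers = {}
    for line in lines[1:]:
        key, sep, value = line.partition(": ")
        if sep and key not in headers:      # keep the first msgid/connid/dn seen
            headers[key] = value
    return lines[0].strip(), headers

class Correlator:
    def __init__(self):
        self.pending = defaultdict(list)    # (connid, msgid) -> [(type, headers)]
        self.orphans = []                   # RESULT keys with no stored request

    def feed(self, block):
        """Return [(type, headers, code)] resolved by a RESULT, else []."""
        kind, h = parse(block)
        key = (h.get("connid"), h.get("msgid"))
        if kind in REQUESTS:
            self.pending[key].append((kind, h))  # BIND and MODIFY may share a key
            return []
        if kind != "RESULT":
            return []
        group = self.pending.pop(key, [])
        if not group:                       # e.g. a RESULT for an unsubscribed op
            self.orphans.append(key)
        return [(k, hdrs, int(h["code"])) for k, hdrs in group]

# Constructed sample: a failed BIND, the ppolicy MODIFY, one RESULT, one stray RESULT
DN = "uid=alice,dc=example,dc=com"
SAMPLE = [
    f"BIND\nmsgid: 2\nconnid: 1001\ndn: {DN}\nmethod: 128\n",
    f"MODIFY\nmsgid: 2\nconnid: 1001\ndn: {DN}\n"
    "add: pwdFailureTime\npwdFailureTime: 20240101000000Z\n-\n",
    "RESULT\nmsgid: 2\nconnid: 1001\ncode: 49\n",
    "RESULT\nmsgid: 3\nconnid: 1001\ncode: 0\n",
]

def run_sample():
    c = Correlator()
    return [c.feed(m) for m in SAMPLE], c.orphans
```

Requests that never see a RESULT stay in `pending`, so a real listener would also need to expire old keys.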